How should a docker engine call look like when issued from within one of the app containers

Question

I am a beginner with docker. I want to run a docker engine api call from within one of my docker containers - specifically list all images (images/json endpoint). I am trying to troubleshoot this, and want to see the issue live from the command line.

I am struggling to figure out what is the host I should be using in the curl request form within a container (this post seems to be related, but I tried all what is suggested there without success). Tried container ip (taken from ifconfig), localhost, service name as defined in the docker-compose yml file. Nothing works.

This post seem to instruct how to do that. But again the suggestion does not work for me: curl --unix-socket /var/run/docker.sock http://images/json. This returns {"message":"page not found"}

Any help would be highly appreciated.

Answer 1

Argh... found the answer here:

curl --unix-socket /run/docker.sock http://docker/images/json finally works for me.

This post talks about the need for "docker" or another dummy host being added starting from curl version 7.4. Older versions did not require it.

Answer 2

The most important is to understand that someone that can run docker commands, has permissions similar to the root account on the host. That being said, if you are fine with that, you can use "docker-in-docker" patter, just start

docker run --privileged=true  -v /var/run/docker.sock:/var/run/docker.sock ...

Of course, you should have docker installed inside the docker image (to have access to the command)

I would recommend to find other solutions without the above, if it is just about listing images (ex: simple REST server on host, accessible only from running containers)